
Is there some magic language out there that cleans all external input for you?

If by "magic" you mean simply disallowing non-structured queries (which is pretty darn easy with a Structured Query Language):

http://en.wikipedia.org/wiki/Language_Integrated_Query

http://www.impredicative.com/ur/

http://pgocaml.forge.ocamlcore.org/

https://github.com/mfp/ocaml-sqlexpr

and that's just off the top of my head.



Also, for instance, the (quite nice) Sequel library in Ruby makes this painless:

DB["insert into foo (bar, baz, qux) VALUES (?, ?, ?)", bar, baz, qux].insert

And the library handles all the escaping, and even type conversion, for you (e.g. Date objects to SQL-compatible date strings).
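The point of the comment above, as an added example that is not from the thread: the same placeholder style using only Python's standard sqlite3 module (so it runs without the Sequel gem), with a string-concatenated query beside it to show why the placeholder form is the safe one. The table, rows and inputs are constructed for the demo.

```python
import sqlite3


def make_db():
    # Constructed in-memory table mirroring the thread's foo(bar, baz, qux).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE foo (bar TEXT, baz TEXT, qux TEXT)")
    db.executemany(
        "INSERT INTO foo (bar, baz, qux) VALUES (?, ?, ?)",
        [("alice", "a", "1"), ("bob", "b", "2")],
    )
    db.commit()
    return db


def lookup_concat(db, bar):
    # The pattern the thread argues against: input spliced into the SQL text,
    # so a quote in `bar` changes the query's structure.
    sql = "SELECT bar FROM foo WHERE bar = '" + bar + "'"
    return sorted(row[0] for row in db.execute(sql))


def lookup_param(db, bar):
    # Placeholder form: `bar` travels to the driver as a value, never as SQL.
    rows = db.execute("SELECT bar FROM foo WHERE bar = ?", (bar,))
    return sorted(row[0] for row in rows)


def insert_param(db, bar, baz, qux):
    # Equivalent of DB["insert into foo (bar, baz, qux) VALUES (?, ?, ?)",
    # bar, baz, qux].insert from the comment; the driver quotes each value.
    db.execute("INSERT INTO foo (bar, baz, qux) VALUES (?, ?, ?)", (bar, baz, qux))
    db.commit()
    return db.execute("SELECT COUNT(*) FROM foo").fetchone()[0]


def concat_breaks_on_quote(db, bar):
    # True when the concatenated query is not even valid SQL for this input,
    # which is the usual first symptom of a string-built query in production.
    try:
        lookup_concat(db, bar)
        return False
    except sqlite3.OperationalError:
        return True
```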



